Writekit/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
infra/files/stacks/docker-compose.ops.yml

120 lines
3.7 KiB
YAML
Raw Normal View History

init
2026-01-09 00:22:05 +02:00
services:
traefik:
image: traefik:v3.6
restart: unless-stopped
ports:
- "80:80"
- "443:443"
command:
- --api.dashboard=false
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=ops
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- --certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}
init
2026-01-09 00:22:05 +02:00
- --certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json
environment:
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
init
2026-01-09 00:22:05 +02:00
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-certs:/letsencrypt
networks:
- ops
registry:
image: registry:2
restart: unless-stopped
ports:
- "5000:5000"
volumes:
- registry-data:/var/lib/registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
networks:
- ops
forgejo:
image: codeberg.org/forgejo/forgejo:11
restart: unless-stopped
environment:
- USER_UID=1000
- USER_GID=1000
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- FORGEJO__server__DOMAIN=source.${DOMAIN}
- FORGEJO__server__ROOT_URL=https://source.${DOMAIN}
- FORGEJO__server__SSH_DOMAIN=source.${DOMAIN}
init
2026-01-09 00:22:05 +02:00
- FORGEJO__server__SSH_PORT=22
- FORGEJO__server__SSH_LISTEN_PORT=2222
- FORGEJO__database__DB_TYPE=sqlite3
fix: resolve Woodpecker-Forgejo OAuth integration issues - Enable Forgejo registration for OAuth users (DISABLE_REGISTRATION=false) - Use public URL for Woodpecker OAuth redirects instead of internal hostname - Add WOODPECKER_OPEN=true to allow new user registrations - Bcrypt hash OAuth client secret before storing in database Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 00:44:35 +02:00
- FORGEJO__service__DISABLE_REGISTRATION=false
init
2026-01-09 00:22:05 +02:00
- FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
- FORGEJO__webhook__ALLOWED_HOST_LIST=external,loopback,10.0.0.0/24
- FORGEJO__security__INSTALL_LOCK=true
- FORGEJO__actions__ENABLED=false
volumes:
- forgejo-data:/data
ports:
- "2222:2222"
labels:
- traefik.enable=true
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- traefik.http.routers.forgejo.rule=Host(`source.${DOMAIN}`)
init
2026-01-09 00:22:05 +02:00
- traefik.http.routers.forgejo.tls=true
- traefik.http.routers.forgejo.tls.certresolver=cloudflare
- traefik.http.services.forgejo.loadbalancer.server.port=3000
networks:
- ops
woodpecker:
image: woodpeckerci/woodpecker-server:v3
restart: unless-stopped
environment:
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- WOODPECKER_HOST=https://ci.${DOMAIN}
init
2026-01-09 00:22:05 +02:00
- WOODPECKER_FORGEJO=true
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- WOODPECKER_FORGEJO_URL=https://source.${DOMAIN}
fix: resolve Woodpecker-Forgejo OAuth integration issues - Enable Forgejo registration for OAuth users (DISABLE_REGISTRATION=false) - Use public URL for Woodpecker OAuth redirects instead of internal hostname - Add WOODPECKER_OPEN=true to allow new user registrations - Bcrypt hash OAuth client secret before storing in database Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 00:44:35 +02:00
- WOODPECKER_OPEN=true
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- WOODPECKER_FORGEJO_CLIENT=${WOODPECKER_FORGEJO_CLIENT}
- WOODPECKER_FORGEJO_SECRET=${WOODPECKER_FORGEJO_SECRET}
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
- WOODPECKER_ADMIN=${WOODPECKER_ADMIN}
init
2026-01-09 00:22:05 +02:00
volumes:
- woodpecker-data:/var/lib/woodpecker
depends_on:
- forgejo
labels:
- traefik.enable=true
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- traefik.http.routers.woodpecker.rule=Host(`ci.${DOMAIN}`)
init
2026-01-09 00:22:05 +02:00
- traefik.http.routers.woodpecker.tls=true
- traefik.http.routers.woodpecker.tls.certresolver=cloudflare
- traefik.http.services.woodpecker.loadbalancer.server.port=8000
networks:
- ops
woodpecker-agent:
image: woodpeckerci/woodpecker-agent:v3
restart: unless-stopped
environment:
- WOODPECKER_SERVER=woodpecker:9000
fix: remove $$ escaping from docker-compose files Using file() instead of templatefile() so $${VAR} isn't processed. Changed to ${VAR} for proper docker-compose variable interpolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 03:05:15 +02:00
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
init
2026-01-09 00:22:05 +02:00
- WOODPECKER_BACKEND_DOCKER_NETWORK=writekit_ops
- WOODPECKER_BACKEND_DOCKER_VOLUMES=/opt/writekit/.ssh:/mnt/ssh:ro
- DOCKER_HOST=unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- woodpecker
networks:
- ops
networks:
ops:
volumes:
traefik-certs:
registry-data:
forgejo-data:
woodpecker-data:
Reference in a new issue Copy permalink